Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-12720

    The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-12966

    The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with A... Read more

    Affected Products : all-in-one_video_gallery
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40280

    In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_... Read more

    Affected Products : linux_kernel
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-14189

    A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in sql injection. The attack may be performed from remote. The exploi... Read more

    Affected Products : chanjet_crm
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-14126

    A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. T... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40323

    In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fb_display[i]->mode to NULL when the mode is released Recently, we discovered the following issue through syzkaller: BUG: KASAN: slab-use-after-free in fb_mode_is_equal+0x28... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53755

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: check for null desc before calling pt_cmd_callback Resolves a panic that can occur on AMD systems, typically during host shutdown, after the PTDMA driver had been exer... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53748

    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53745

    In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector_config If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent memory leak.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50627

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix monitor mode bringup crash When the interface is brought up in monitor mode, it leads to NULL pointer dereference crash. This crash happens when the packet type is ext... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50624

    In the Linux kernel, the following vulnerability has been resolved: net: netsec: fix error handling in netsec_register_mdio() If phy_device_register() fails, phy_device_free() need be called to put refcount, so memory of phy device and device name can b... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-66461

    FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affect... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53751

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname TCP_Server_Info::hostname may be updated once or many times during reconnect, so protect its access outside reconnec... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53750

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 The config passed in by pad wakeup is 1, when num_configs is 1, Configuration [1] should not be fetched, which will ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53746

    In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callback function invoked to release the matrix device uses the dev_get_drvdata(device *dev) function to retrie... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50625

    In the Linux kernel, the following vulnerability has been resolved: serial: amba-pl011: avoid SBSA UART accessing DMACR register Chapter "B Generic UART" in "ARM Server Base System Architecture" [1] documentation describes a generic UART interface. Such... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-50623

    In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() The "hdr.count * sizeof(s32)" multiplication can overflow on 32 bit systems leading to memory corruption. Use array_size()... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50621

    In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configur... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-50620

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path Syzbot reports a NULL pointer dereference issue as below: __refcount_add include/linux/refcount.h:193 [inline] __refcoun... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40317

    In the Linux kernel, the following vulnerability has been resolved: regmap: slimbus: fix bus_context pointer in regmap init calls Commit 4e65bda8273c ("ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()") revealed the problem in the slimbus... Read more

    Affected Products : linux_kernel
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4887 Results